There are few details at this point, but according to the data the attackers dumped, the attack was carried out via SQL injection. This means the website was not properly validating input, which allowed the attackers to enter their own SQL commands into a text field on the website and have them passed directly to the database. This type of attack has been on the decline over the past five years but is still a dangerous threat. In addition to the SQL injection vulnerability, the database was also storing the passwords in cleartext.
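The two failures described above, shown as an added example on a constructed in-memory SQLite table (this is not code from the breached site or from this post): a lookup built by string concatenation beside its parameterized form, and a password stored as a salted PBKDF2 hash rather than cleartext. The table layout, function names and sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 instead of cleartext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def make_db():
    """In-memory table holding one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt, digest = hash_password("correct horse")
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("alice@example.com", salt, digest))
    return db


def lookup_concatenated(db, email):
    """Weak form: the text field is pasted into the SQL statement itself."""
    query = "SELECT email FROM users WHERE email = '" + email + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, email):
    """Corrected form: the value is bound as data and never parsed as SQL."""
    return db.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()


def verify_login(db, email, password):
    """Check a password against the stored salted hash with a constant-time compare."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    _, candidate = hash_password(password, row[0])
    return hmac.compare_digest(candidate, row[1])


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody@example.com' OR '1'='1"  # constructed text-field input
    print("concatenated: ", lookup_concatenated(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    print("login ok:     ", verify_login(db, "alice@example.com", "correct horse"))
```

With the concatenated query the crafted field value changes the statement and returns a row it should not match; with the bound parameter the same value matches nothing, and a dump of the table yields only salts and hashes.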

The list of usernames and passwords has already been posted to the Internet, although the website is extremely slow due to heavy load. You may want to check whether you were impacted by the attack.

The attackers call themselves “D33Ds Company”, and Yahoo! has not made an official statement about the breach. In typical “hacktivist” fashion, the group claims they’re doing it to help people out and even includes a quote from Jean Vanier, stating, “Growth begins when we accept our own weakness.”